1 /* 2 * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program; if not, write to the Free Software Foundation, Inc., 51 17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 * 19 * Authors: Artem Bityutskiy (Битюцкий Артём) 20 * Adrian Hunter 21 */ 22 23 /* 24 * This file implements UBIFS journal. 25 * 26 * The journal consists of 2 parts - the log and bud LEBs. The log has fixed 27 * length and position, while a bud logical eraseblock is any LEB in the main 28 * area. Buds contain file system data - data nodes, inode nodes, etc. The log 29 * contains only references to buds and some other stuff like commit 30 * start node. The idea is that when we commit the journal, we do 31 * not copy the data, the buds just become indexed. Since after the commit the 32 * nodes in bud eraseblocks become leaf nodes of the file system index tree, we 33 * use term "bud". Analogy is obvious, bud eraseblocks contain nodes which will 34 * become leafs in the future. 35 * 36 * The journal is multi-headed because we want to write data to the journal as 37 * optimally as possible. It is nice to have nodes belonging to the same inode 38 * in one LEB, so we may write data owned by different inodes to different 39 * journal heads, although at present only one data head is used. 40 * 41 * For recovery reasons, the base head contains all inode nodes, all directory 42 * entry nodes and all truncate nodes. This means that the other heads contain 43 * only data nodes. 44 * 45 * Bud LEBs may be half-indexed. For example, if the bud was not full at the 46 * time of commit, the bud is retained to continue to be used in the journal, 47 * even though the "front" of the LEB is now indexed. In that case, the log 48 * reference contains the offset where the bud starts for the purposes of the 49 * journal. 50 * 51 * The journal size has to be limited, because the larger is the journal, the 52 * longer it takes to mount UBIFS (scanning the journal) and the more memory it 53 * takes (indexing in the TNC). 54 * 55 * All the journal write operations like 'ubifs_jnl_update()' here, which write 56 * multiple UBIFS nodes to the journal at one go, are atomic with respect to 57 * unclean reboots. Should the unclean reboot happen, the recovery code drops 58 * all the nodes. 59 */ 60 61 #include "ubifs.h" 62 63 /** 64 * zero_ino_node_unused - zero out unused fields of an on-flash inode node. 65 * @ino: the inode to zero out 66 */ 67 static inline void zero_ino_node_unused(struct ubifs_ino_node *ino) 68 { 69 memset(ino->padding1, 0, 4); 70 memset(ino->padding2, 0, 26); 71 } 72 73 /** 74 * zero_dent_node_unused - zero out unused fields of an on-flash directory 75 * entry node. 76 * @dent: the directory entry to zero out 77 */ 78 static inline void zero_dent_node_unused(struct ubifs_dent_node *dent) 79 { 80 dent->padding1 = 0; 81 } 82 83 /** 84 * zero_trun_node_unused - zero out unused fields of an on-flash truncation 85 * node. 86 * @trun: the truncation node to zero out 87 */ 88 static inline void zero_trun_node_unused(struct ubifs_trun_node *trun) 89 { 90 memset(trun->padding, 0, 12); 91 } 92 93 static void ubifs_add_auth_dirt(struct ubifs_info *c, int lnum) 94 { 95 if (ubifs_authenticated(c)) 96 ubifs_add_dirt(c, lnum, ubifs_auth_node_sz(c)); 97 } 98 99 /** 100 * reserve_space - reserve space in the journal. 101 * @c: UBIFS file-system description object 102 * @jhead: journal head number 103 * @len: node length 104 * 105 * This function reserves space in journal head @head. If the reservation 106 * succeeded, the journal head stays locked and later has to be unlocked using 107 * 'release_head()'. Returns zero in case of success, %-EAGAIN if commit has to 108 * be done, and other negative error codes in case of other failures. 109 */ 110 static int reserve_space(struct ubifs_info *c, int jhead, int len) 111 { 112 int err = 0, err1, retries = 0, avail, lnum, offs, squeeze; 113 struct ubifs_wbuf *wbuf = &c->jheads[jhead].wbuf; 114 115 /* 116 * Typically, the base head has smaller nodes written to it, so it is 117 * better to try to allocate space at the ends of eraseblocks. This is 118 * what the squeeze parameter does. 119 */ 120 ubifs_assert(c, !c->ro_media && !c->ro_mount); 121 squeeze = (jhead == BASEHD); 122 again: 123 mutex_lock_nested(&wbuf->io_mutex, wbuf->jhead); 124 125 if (c->ro_error) { 126 err = -EROFS; 127 goto out_unlock; 128 } 129 130 avail = c->leb_size - wbuf->offs - wbuf->used; 131 if (wbuf->lnum != -1 && avail >= len) 132 return 0; 133 134 /* 135 * Write buffer wasn't seek'ed or there is no enough space - look for an 136 * LEB with some empty space. 137 */ 138 lnum = ubifs_find_free_space(c, len, &offs, squeeze); 139 if (lnum >= 0) 140 goto out; 141 142 err = lnum; 143 if (err != -ENOSPC) 144 goto out_unlock; 145 146 /* 147 * No free space, we have to run garbage collector to make 148 * some. But the write-buffer mutex has to be unlocked because 149 * GC also takes it. 150 */ 151 dbg_jnl("no free space in jhead %s, run GC", dbg_jhead(jhead)); 152 mutex_unlock(&wbuf->io_mutex); 153 154 lnum = ubifs_garbage_collect(c, 0); 155 if (lnum < 0) { 156 err = lnum; 157 if (err != -ENOSPC) 158 return err; 159 160 /* 161 * GC could not make a free LEB. But someone else may 162 * have allocated new bud for this journal head, 163 * because we dropped @wbuf->io_mutex, so try once 164 * again. 165 */ 166 dbg_jnl("GC couldn't make a free LEB for jhead %s", 167 dbg_jhead(jhead)); 168 if (retries++ < 2) { 169 dbg_jnl("retry (%d)", retries); 170 goto again; 171 } 172 173 dbg_jnl("return -ENOSPC"); 174 return err; 175 } 176 177 mutex_lock_nested(&wbuf->io_mutex, wbuf->jhead); 178 dbg_jnl("got LEB %d for jhead %s", lnum, dbg_jhead(jhead)); 179 avail = c->leb_size - wbuf->offs - wbuf->used; 180 181 if (wbuf->lnum != -1 && avail >= len) { 182 /* 183 * Someone else has switched the journal head and we have 184 * enough space now. This happens when more than one process is 185 * trying to write to the same journal head at the same time. 186 */ 187 dbg_jnl("return LEB %d back, already have LEB %d:%d", 188 lnum, wbuf->lnum, wbuf->offs + wbuf->used); 189 err = ubifs_return_leb(c, lnum); 190 if (err) 191 goto out_unlock; 192 return 0; 193 } 194 195 offs = 0; 196 197 out: 198 /* 199 * Make sure we synchronize the write-buffer before we add the new bud 200 * to the log. Otherwise we may have a power cut after the log 201 * reference node for the last bud (@lnum) is written but before the 202 * write-buffer data are written to the next-to-last bud 203 * (@wbuf->lnum). And the effect would be that the recovery would see 204 * that there is corruption in the next-to-last bud. 205 */ 206 err = ubifs_wbuf_sync_nolock(wbuf); 207 if (err) 208 goto out_return; 209 err = ubifs_add_bud_to_log(c, jhead, lnum, offs); 210 if (err) 211 goto out_return; 212 err = ubifs_wbuf_seek_nolock(wbuf, lnum, offs); 213 if (err) 214 goto out_unlock; 215 216 return 0; 217 218 out_unlock: 219 mutex_unlock(&wbuf->io_mutex); 220 return err; 221 222 out_return: 223 /* An error occurred and the LEB has to be returned to lprops */ 224 ubifs_assert(c, err < 0); 225 err1 = ubifs_return_leb(c, lnum); 226 if (err1 && err == -EAGAIN) 227 /* 228 * Return original error code only if it is not %-EAGAIN, 229 * which is not really an error. Otherwise, return the error 230 * code of 'ubifs_return_leb()'. 231 */ 232 err = err1; 233 mutex_unlock(&wbuf->io_mutex); 234 return err; 235 } 236 237 static int ubifs_hash_nodes(struct ubifs_info *c, void *node, 238 int len, struct shash_desc *hash) 239 { 240 int auth_node_size = ubifs_auth_node_sz(c); 241 int err; 242 243 while (1) { 244 const struct ubifs_ch *ch = node; 245 int nodelen = le32_to_cpu(ch->len); 246 247 ubifs_assert(c, len >= auth_node_size); 248 249 if (len == auth_node_size) 250 break; 251 252 ubifs_assert(c, len > nodelen); 253 ubifs_assert(c, ch->magic == cpu_to_le32(UBIFS_NODE_MAGIC)); 254 255 err = ubifs_shash_update(c, hash, (void *)node, nodelen); 256 if (err) 257 return err; 258 259 node += ALIGN(nodelen, 8); 260 len -= ALIGN(nodelen, 8); 261 } 262 263 return ubifs_prepare_auth_node(c, node, hash); 264 } 265 266 /** 267 * write_head - write data to a journal head. 268 * @c: UBIFS file-system description object 269 * @jhead: journal head 270 * @buf: buffer to write 271 * @len: length to write 272 * @lnum: LEB number written is returned here 273 * @offs: offset written is returned here 274 * @sync: non-zero if the write-buffer has to by synchronized 275 * 276 * This function writes data to the reserved space of journal head @jhead. 277 * Returns zero in case of success and a negative error code in case of 278 * failure. 279 */ 280 static int write_head(struct ubifs_info *c, int jhead, void *buf, int len, 281 int *lnum, int *offs, int sync) 282 { 283 int err; 284 struct ubifs_wbuf *wbuf = &c->jheads[jhead].wbuf; 285 286 ubifs_assert(c, jhead != GCHD); 287 288 *lnum = c->jheads[jhead].wbuf.lnum; 289 *offs = c->jheads[jhead].wbuf.offs + c->jheads[jhead].wbuf.used; 290 dbg_jnl("jhead %s, LEB %d:%d, len %d", 291 dbg_jhead(jhead), *lnum, *offs, len); 292 293 if (ubifs_authenticated(c)) { 294 err = ubifs_hash_nodes(c, buf, len, c->jheads[jhead].log_hash); 295 if (err) 296 return err; 297 } 298 299 err = ubifs_wbuf_write_nolock(wbuf, buf, len); 300 if (err) 301 return err; 302 if (sync) 303 err = ubifs_wbuf_sync_nolock(wbuf); 304 return err; 305 } 306 307 /** 308 * make_reservation - reserve journal space. 309 * @c: UBIFS file-system description object 310 * @jhead: journal head 311 * @len: how many bytes to reserve 312 * 313 * This function makes space reservation in journal head @jhead. The function 314 * takes the commit lock and locks the journal head, and the caller has to 315 * unlock the head and finish the reservation with 'finish_reservation()'. 316 * Returns zero in case of success and a negative error code in case of 317 * failure. 318 * 319 * Note, the journal head may be unlocked as soon as the data is written, while 320 * the commit lock has to be released after the data has been added to the 321 * TNC. 322 */ 323 static int make_reservation(struct ubifs_info *c, int jhead, int len) 324 { 325 int err, cmt_retries = 0, nospc_retries = 0; 326 327 again: 328 down_read(&c->commit_sem); 329 err = reserve_space(c, jhead, len); 330 if (!err) 331 /* c->commit_sem will get released via finish_reservation(). */ 332 return 0; 333 up_read(&c->commit_sem); 334 335 if (err == -ENOSPC) { 336 /* 337 * GC could not make any progress. We should try to commit 338 * once because it could make some dirty space and GC would 339 * make progress, so make the error -EAGAIN so that the below 340 * will commit and re-try. 341 */ 342 if (nospc_retries++ < 2) { 343 dbg_jnl("no space, retry"); 344 err = -EAGAIN; 345 } 346 347 /* 348 * This means that the budgeting is incorrect. We always have 349 * to be able to write to the media, because all operations are 350 * budgeted. Deletions are not budgeted, though, but we reserve 351 * an extra LEB for them. 352 */ 353 } 354 355 if (err != -EAGAIN) 356 goto out; 357 358 /* 359 * -EAGAIN means that the journal is full or too large, or the above 360 * code wants to do one commit. Do this and re-try. 361 */ 362 if (cmt_retries > 128) { 363 /* 364 * This should not happen unless the journal size limitations 365 * are too tough. 366 */ 367 ubifs_err(c, "stuck in space allocation"); 368 err = -ENOSPC; 369 goto out; 370 } else if (cmt_retries > 32) 371 ubifs_warn(c, "too many space allocation re-tries (%d)", 372 cmt_retries); 373 374 dbg_jnl("-EAGAIN, commit and retry (retried %d times)", 375 cmt_retries); 376 cmt_retries += 1; 377 378 err = ubifs_run_commit(c); 379 if (err) 380 return err; 381 goto again; 382 383 out: 384 ubifs_err(c, "cannot reserve %d bytes in jhead %d, error %d", 385 len, jhead, err); 386 if (err == -ENOSPC) { 387 /* This are some budgeting problems, print useful information */ 388 down_write(&c->commit_sem); 389 dump_stack(); 390 ubifs_dump_budg(c, &c->bi); 391 ubifs_dump_lprops(c); 392 cmt_retries = dbg_check_lprops(c); 393 up_write(&c->commit_sem); 394 } 395 return err; 396 } 397 398 /** 399 * release_head - release a journal head. 400 * @c: UBIFS file-system description object 401 * @jhead: journal head 402 * 403 * This function releases journal head @jhead which was locked by 404 * the 'make_reservation()' function. It has to be called after each successful 405 * 'make_reservation()' invocation. 406 */ 407 static inline void release_head(struct ubifs_info *c, int jhead) 408 { 409 mutex_unlock(&c->jheads[jhead].wbuf.io_mutex); 410 } 411 412 /** 413 * finish_reservation - finish a reservation. 414 * @c: UBIFS file-system description object 415 * 416 * This function finishes journal space reservation. It must be called after 417 * 'make_reservation()'. 418 */ 419 static void finish_reservation(struct ubifs_info *c) 420 { 421 up_read(&c->commit_sem); 422 } 423 424 /** 425 * get_dent_type - translate VFS inode mode to UBIFS directory entry type. 426 * @mode: inode mode 427 */ 428 static int get_dent_type(int mode) 429 { 430 switch (mode & S_IFMT) { 431 case S_IFREG: 432 return UBIFS_ITYPE_REG; 433 case S_IFDIR: 434 return UBIFS_ITYPE_DIR; 435 case S_IFLNK: 436 return UBIFS_ITYPE_LNK; 437 case S_IFBLK: 438 return UBIFS_ITYPE_BLK; 439 case S_IFCHR: 440 return UBIFS_ITYPE_CHR; 441 case S_IFIFO: 442 return UBIFS_ITYPE_FIFO; 443 case S_IFSOCK: 444 return UBIFS_ITYPE_SOCK; 445 default: 446 BUG(); 447 } 448 return 0; 449 } 450 451 /** 452 * pack_inode - pack an inode node. 453 * @c: UBIFS file-system description object 454 * @ino: buffer in which to pack inode node 455 * @inode: inode to pack 456 * @last: indicates the last node of the group 457 */ 458 static void pack_inode(struct ubifs_info *c, struct ubifs_ino_node *ino, 459 const struct inode *inode, int last) 460 { 461 int data_len = 0, last_reference = !inode->i_nlink; 462 struct ubifs_inode *ui = ubifs_inode(inode); 463 464 ino->ch.node_type = UBIFS_INO_NODE; 465 ino_key_init_flash(c, &ino->key, inode->i_ino); 466 ino->creat_sqnum = cpu_to_le64(ui->creat_sqnum); 467 ino->atime_sec = cpu_to_le64(inode->i_atime.tv_sec); 468 ino->atime_nsec = cpu_to_le32(inode->i_atime.tv_nsec); 469 ino->ctime_sec = cpu_to_le64(inode->i_ctime.tv_sec); 470 ino->ctime_nsec = cpu_to_le32(inode->i_ctime.tv_nsec); 471 ino->mtime_sec = cpu_to_le64(inode->i_mtime.tv_sec); 472 ino->mtime_nsec = cpu_to_le32(inode->i_mtime.tv_nsec); 473 ino->uid = cpu_to_le32(i_uid_read(inode)); 474 ino->gid = cpu_to_le32(i_gid_read(inode)); 475 ino->mode = cpu_to_le32(inode->i_mode); 476 ino->flags = cpu_to_le32(ui->flags); 477 ino->size = cpu_to_le64(ui->ui_size); 478 ino->nlink = cpu_to_le32(inode->i_nlink); 479 ino->compr_type = cpu_to_le16(ui->compr_type); 480 ino->data_len = cpu_to_le32(ui->data_len); 481 ino->xattr_cnt = cpu_to_le32(ui->xattr_cnt); 482 ino->xattr_size = cpu_to_le32(ui->xattr_size); 483 ino->xattr_names = cpu_to_le32(ui->xattr_names); 484 zero_ino_node_unused(ino); 485 486 /* 487 * Drop the attached data if this is a deletion inode, the data is not 488 * needed anymore. 489 */ 490 if (!last_reference) { 491 memcpy(ino->data, ui->data, ui->data_len); 492 data_len = ui->data_len; 493 } 494 495 ubifs_prep_grp_node(c, ino, UBIFS_INO_NODE_SZ + data_len, last); 496 } 497 498 /** 499 * mark_inode_clean - mark UBIFS inode as clean. 500 * @c: UBIFS file-system description object 501 * @ui: UBIFS inode to mark as clean 502 * 503 * This helper function marks UBIFS inode @ui as clean by cleaning the 504 * @ui->dirty flag and releasing its budget. Note, VFS may still treat the 505 * inode as dirty and try to write it back, but 'ubifs_write_inode()' would 506 * just do nothing. 507 */ 508 static void mark_inode_clean(struct ubifs_info *c, struct ubifs_inode *ui) 509 { 510 if (ui->dirty) 511 ubifs_release_dirty_inode_budget(c, ui); 512 ui->dirty = 0; 513 } 514 515 static void set_dent_cookie(struct ubifs_info *c, struct ubifs_dent_node *dent) 516 { 517 if (c->double_hash) 518 dent->cookie = prandom_u32(); 519 else 520 dent->cookie = 0; 521 } 522 523 /** 524 * ubifs_jnl_update - update inode. 525 * @c: UBIFS file-system description object 526 * @dir: parent inode or host inode in case of extended attributes 527 * @nm: directory entry name 528 * @inode: inode to update 529 * @deletion: indicates a directory entry deletion i.e unlink or rmdir 530 * @xent: non-zero if the directory entry is an extended attribute entry 531 * 532 * This function updates an inode by writing a directory entry (or extended 533 * attribute entry), the inode itself, and the parent directory inode (or the 534 * host inode) to the journal. 535 * 536 * The function writes the host inode @dir last, which is important in case of 537 * extended attributes. Indeed, then we guarantee that if the host inode gets 538 * synchronized (with 'fsync()'), and the write-buffer it sits in gets flushed, 539 * the extended attribute inode gets flushed too. And this is exactly what the 540 * user expects - synchronizing the host inode synchronizes its extended 541 * attributes. Similarly, this guarantees that if @dir is synchronized, its 542 * directory entry corresponding to @nm gets synchronized too. 543 * 544 * If the inode (@inode) or the parent directory (@dir) are synchronous, this 545 * function synchronizes the write-buffer. 546 * 547 * This function marks the @dir and @inode inodes as clean and returns zero on 548 * success. In case of failure, a negative error code is returned. 549 */ 550 int ubifs_jnl_update(struct ubifs_info *c, const struct inode *dir, 551 const struct fscrypt_name *nm, const struct inode *inode, 552 int deletion, int xent) 553 { 554 int err, dlen, ilen, len, lnum, ino_offs, dent_offs; 555 int aligned_dlen, aligned_ilen, sync = IS_DIRSYNC(dir); 556 int last_reference = !!(deletion && inode->i_nlink == 0); 557 struct ubifs_inode *ui = ubifs_inode(inode); 558 struct ubifs_inode *host_ui = ubifs_inode(dir); 559 struct ubifs_dent_node *dent; 560 struct ubifs_ino_node *ino; 561 union ubifs_key dent_key, ino_key; 562 u8 hash_dent[UBIFS_HASH_ARR_SZ]; 563 u8 hash_ino[UBIFS_HASH_ARR_SZ]; 564 u8 hash_ino_host[UBIFS_HASH_ARR_SZ]; 565 566 ubifs_assert(c, mutex_is_locked(&host_ui->ui_mutex)); 567 568 dlen = UBIFS_DENT_NODE_SZ + fname_len(nm) + 1; 569 ilen = UBIFS_INO_NODE_SZ; 570 571 /* 572 * If the last reference to the inode is being deleted, then there is 573 * no need to attach and write inode data, it is being deleted anyway. 574 * And if the inode is being deleted, no need to synchronize 575 * write-buffer even if the inode is synchronous. 576 */ 577 if (!last_reference) { 578 ilen += ui->data_len; 579 sync |= IS_SYNC(inode); 580 } 581 582 aligned_dlen = ALIGN(dlen, 8); 583 aligned_ilen = ALIGN(ilen, 8); 584 585 len = aligned_dlen + aligned_ilen + UBIFS_INO_NODE_SZ; 586 /* Make sure to also account for extended attributes */ 587 if (ubifs_authenticated(c)) 588 len += ALIGN(host_ui->data_len, 8) + ubifs_auth_node_sz(c); 589 else 590 len += host_ui->data_len; 591 592 dent = kzalloc(len, GFP_NOFS); 593 if (!dent) 594 return -ENOMEM; 595 596 /* Make reservation before allocating sequence numbers */ 597 err = make_reservation(c, BASEHD, len); 598 if (err) 599 goto out_free; 600 601 if (!xent) { 602 dent->ch.node_type = UBIFS_DENT_NODE; 603 if (nm->hash) 604 dent_key_init_hash(c, &dent_key, dir->i_ino, nm->hash); 605 else 606 dent_key_init(c, &dent_key, dir->i_ino, nm); 607 } else { 608 dent->ch.node_type = UBIFS_XENT_NODE; 609 xent_key_init(c, &dent_key, dir->i_ino, nm); 610 } 611 612 key_write(c, &dent_key, dent->key); 613 dent->inum = deletion ? 0 : cpu_to_le64(inode->i_ino); 614 dent->type = get_dent_type(inode->i_mode); 615 dent->nlen = cpu_to_le16(fname_len(nm)); 616 memcpy(dent->name, fname_name(nm), fname_len(nm)); 617 dent->name[fname_len(nm)] = '\0'; 618 set_dent_cookie(c, dent); 619 620 zero_dent_node_unused(dent); 621 ubifs_prep_grp_node(c, dent, dlen, 0); 622 err = ubifs_node_calc_hash(c, dent, hash_dent); 623 if (err) 624 goto out_release; 625 626 ino = (void *)dent + aligned_dlen; 627 pack_inode(c, ino, inode, 0); 628 err = ubifs_node_calc_hash(c, ino, hash_ino); 629 if (err) 630 goto out_release; 631 632 ino = (void *)ino + aligned_ilen; 633 pack_inode(c, ino, dir, 1); 634 err = ubifs_node_calc_hash(c, ino, hash_ino_host); 635 if (err) 636 goto out_release; 637 638 if (last_reference) { 639 err = ubifs_add_orphan(c, inode->i_ino); 640 if (err) { 641 release_head(c, BASEHD); 642 goto out_finish; 643 } 644 ui->del_cmtno = c->cmt_no; 645 } 646 647 err = write_head(c, BASEHD, dent, len, &lnum, &dent_offs, sync); 648 if (err) 649 goto out_release; 650 if (!sync) { 651 struct ubifs_wbuf *wbuf = &c->jheads[BASEHD].wbuf; 652 653 ubifs_wbuf_add_ino_nolock(wbuf, inode->i_ino); 654 ubifs_wbuf_add_ino_nolock(wbuf, dir->i_ino); 655 } 656 release_head(c, BASEHD); 657 kfree(dent); 658 ubifs_add_auth_dirt(c, lnum); 659 660 if (deletion) { 661 if (nm->hash) 662 err = ubifs_tnc_remove_dh(c, &dent_key, nm->minor_hash); 663 else 664 err = ubifs_tnc_remove_nm(c, &dent_key, nm); 665 if (err) 666 goto out_ro; 667 err = ubifs_add_dirt(c, lnum, dlen); 668 } else 669 err = ubifs_tnc_add_nm(c, &dent_key, lnum, dent_offs, dlen, 670 hash_dent, nm); 671 if (err) 672 goto out_ro; 673 674 /* 675 * Note, we do not remove the inode from TNC even if the last reference 676 * to it has just been deleted, because the inode may still be opened. 677 * Instead, the inode has been added to orphan lists and the orphan 678 * subsystem will take further care about it. 679 */ 680 ino_key_init(c, &ino_key, inode->i_ino); 681 ino_offs = dent_offs + aligned_dlen; 682 err = ubifs_tnc_add(c, &ino_key, lnum, ino_offs, ilen, hash_ino); 683 if (err) 684 goto out_ro; 685 686 ino_key_init(c, &ino_key, dir->i_ino); 687 ino_offs += aligned_ilen; 688 err = ubifs_tnc_add(c, &ino_key, lnum, ino_offs, 689 UBIFS_INO_NODE_SZ + host_ui->data_len, hash_ino_host); 690 if (err) 691 goto out_ro; 692 693 finish_reservation(c); 694 spin_lock(&ui->ui_lock); 695 ui->synced_i_size = ui->ui_size; 696 spin_unlock(&ui->ui_lock); 697 if (xent) { 698 spin_lock(&host_ui->ui_lock); 699 host_ui->synced_i_size = host_ui->ui_size; 700 spin_unlock(&host_ui->ui_lock); 701 } 702 mark_inode_clean(c, ui); 703 mark_inode_clean(c, host_ui); 704 return 0; 705 706 out_finish: 707 finish_reservation(c); 708 out_free: 709 kfree(dent); 710 return err; 711 712 out_release: 713 release_head(c, BASEHD); 714 kfree(dent); 715 out_ro: 716 ubifs_ro_mode(c, err); 717 if (last_reference) 718 ubifs_delete_orphan(c, inode->i_ino); 719 finish_reservation(c); 720 return err; 721 } 722 723 /** 724 * ubifs_jnl_write_data - write a data node to the journal. 725 * @c: UBIFS file-system description object 726 * @inode: inode the data node belongs to 727 * @key: node key 728 * @buf: buffer to write 729 * @len: data length (must not exceed %UBIFS_BLOCK_SIZE) 730 * 731 * This function writes a data node to the journal. Returns %0 if the data node 732 * was successfully written, and a negative error code in case of failure. 733 */ 734 int ubifs_jnl_write_data(struct ubifs_info *c, const struct inode *inode, 735 const union ubifs_key *key, const void *buf, int len) 736 { 737 struct ubifs_data_node *data; 738 int err, lnum, offs, compr_type, out_len, compr_len, auth_len; 739 int dlen = COMPRESSED_DATA_NODE_BUF_SZ, allocated = 1; 740 int write_len; 741 struct ubifs_inode *ui = ubifs_inode(inode); 742 bool encrypted = ubifs_crypt_is_encrypted(inode); 743 u8 hash[UBIFS_HASH_ARR_SZ]; 744 745 dbg_jnlk(key, "ino %lu, blk %u, len %d, key ", 746 (unsigned long)key_inum(c, key), key_block(c, key), len); 747 ubifs_assert(c, len <= UBIFS_BLOCK_SIZE); 748 749 if (encrypted) 750 dlen += UBIFS_CIPHER_BLOCK_SIZE; 751 752 auth_len = ubifs_auth_node_sz(c); 753 754 data = kmalloc(dlen + auth_len, GFP_NOFS | __GFP_NOWARN); 755 if (!data) { 756 /* 757 * Fall-back to the write reserve buffer. Note, we might be 758 * currently on the memory reclaim path, when the kernel is 759 * trying to free some memory by writing out dirty pages. The 760 * write reserve buffer helps us to guarantee that we are 761 * always able to write the data. 762 */ 763 allocated = 0; 764 mutex_lock(&c->write_reserve_mutex); 765 data = c->write_reserve_buf; 766 } 767 768 data->ch.node_type = UBIFS_DATA_NODE; 769 key_write(c, key, &data->key); 770 data->size = cpu_to_le32(len); 771 772 if (!(ui->flags & UBIFS_COMPR_FL)) 773 /* Compression is disabled for this inode */ 774 compr_type = UBIFS_COMPR_NONE; 775 else 776 compr_type = ui->compr_type; 777 778 out_len = compr_len = dlen - UBIFS_DATA_NODE_SZ; 779 ubifs_compress(c, buf, len, &data->data, &compr_len, &compr_type); 780 ubifs_assert(c, compr_len <= UBIFS_BLOCK_SIZE); 781 782 if (encrypted) { 783 err = ubifs_encrypt(inode, data, compr_len, &out_len, key_block(c, key)); 784 if (err) 785 goto out_free; 786 787 } else { 788 data->compr_size = 0; 789 out_len = compr_len; 790 } 791 792 dlen = UBIFS_DATA_NODE_SZ + out_len; 793 if (ubifs_authenticated(c)) 794 write_len = ALIGN(dlen, 8) + auth_len; 795 else 796 write_len = dlen; 797 798 data->compr_type = cpu_to_le16(compr_type); 799 800 /* Make reservation before allocating sequence numbers */ 801 err = make_reservation(c, DATAHD, write_len); 802 if (err) 803 goto out_free; 804 805 ubifs_prepare_node(c, data, dlen, 0); 806 err = write_head(c, DATAHD, data, write_len, &lnum, &offs, 0); 807 if (err) 808 goto out_release; 809 810 err = ubifs_node_calc_hash(c, data, hash); 811 if (err) 812 goto out_release; 813 814 ubifs_wbuf_add_ino_nolock(&c->jheads[DATAHD].wbuf, key_inum(c, key)); 815 release_head(c, DATAHD); 816 817 ubifs_add_auth_dirt(c, lnum); 818 819 err = ubifs_tnc_add(c, key, lnum, offs, dlen, hash); 820 if (err) 821 goto out_ro; 822 823 finish_reservation(c); 824 if (!allocated) 825 mutex_unlock(&c->write_reserve_mutex); 826 else 827 kfree(data); 828 return 0; 829 830 out_release: 831 release_head(c, DATAHD); 832 out_ro: 833 ubifs_ro_mode(c, err); 834 finish_reservation(c); 835 out_free: 836 if (!allocated) 837 mutex_unlock(&c->write_reserve_mutex); 838 else 839 kfree(data); 840 return err; 841 } 842 843 /** 844 * ubifs_jnl_write_inode - flush inode to the journal. 845 * @c: UBIFS file-system description object 846 * @inode: inode to flush 847 * 848 * This function writes inode @inode to the journal. If the inode is 849 * synchronous, it also synchronizes the write-buffer. Returns zero in case of 850 * success and a negative error code in case of failure. 851 */ 852 int ubifs_jnl_write_inode(struct ubifs_info *c, const struct inode *inode) 853 { 854 int err, lnum, offs; 855 struct ubifs_ino_node *ino; 856 struct ubifs_inode *ui = ubifs_inode(inode); 857 int sync = 0, write_len, ilen = UBIFS_INO_NODE_SZ; 858 int last_reference = !inode->i_nlink; 859 u8 hash[UBIFS_HASH_ARR_SZ]; 860 861 dbg_jnl("ino %lu, nlink %u", inode->i_ino, inode->i_nlink); 862 863 /* 864 * If the inode is being deleted, do not write the attached data. No 865 * need to synchronize the write-buffer either. 866 */ 867 if (!last_reference) { 868 ilen += ui->data_len; 869 sync = IS_SYNC(inode); 870 } 871 872 if (ubifs_authenticated(c)) 873 write_len = ALIGN(ilen, 8) + ubifs_auth_node_sz(c); 874 else 875 write_len = ilen; 876 877 ino = kmalloc(write_len, GFP_NOFS); 878 if (!ino) 879 return -ENOMEM; 880 881 /* Make reservation before allocating sequence numbers */ 882 err = make_reservation(c, BASEHD, write_len); 883 if (err) 884 goto out_free; 885 886 pack_inode(c, ino, inode, 1); 887 err = ubifs_node_calc_hash(c, ino, hash); 888 if (err) 889 goto out_release; 890 891 err = write_head(c, BASEHD, ino, write_len, &lnum, &offs, sync); 892 if (err) 893 goto out_release; 894 if (!sync) 895 ubifs_wbuf_add_ino_nolock(&c->jheads[BASEHD].wbuf, 896 inode->i_ino); 897 release_head(c, BASEHD); 898 899 ubifs_add_auth_dirt(c, lnum); 900 901 if (last_reference) { 902 err = ubifs_tnc_remove_ino(c, inode->i_ino); 903 if (err) 904 goto out_ro; 905 ubifs_delete_orphan(c, inode->i_ino); 906 err = ubifs_add_dirt(c, lnum, ilen); 907 } else { 908 union ubifs_key key; 909 910 ino_key_init(c, &key, inode->i_ino); 911 err = ubifs_tnc_add(c, &key, lnum, offs, ilen, hash); 912 } 913 if (err) 914 goto out_ro; 915 916 finish_reservation(c); 917 spin_lock(&ui->ui_lock); 918 ui->synced_i_size = ui->ui_size; 919 spin_unlock(&ui->ui_lock); 920 kfree(ino); 921 return 0; 922 923 out_release: 924 release_head(c, BASEHD); 925 out_ro: 926 ubifs_ro_mode(c, err); 927 finish_reservation(c); 928 out_free: 929 kfree(ino); 930 return err; 931 } 932 933 /** 934 * ubifs_jnl_delete_inode - delete an inode. 935 * @c: UBIFS file-system description object 936 * @inode: inode to delete 937 * 938 * This function deletes inode @inode which includes removing it from orphans, 939 * deleting it from TNC and, in some cases, writing a deletion inode to the 940 * journal. 941 * 942 * When regular file inodes are unlinked or a directory inode is removed, the 943 * 'ubifs_jnl_update()' function writes a corresponding deletion inode and 944 * direntry to the media, and adds the inode to orphans. After this, when the 945 * last reference to this inode has been dropped, this function is called. In 946 * general, it has to write one more deletion inode to the media, because if 947 * a commit happened between 'ubifs_jnl_update()' and 948 * 'ubifs_jnl_delete_inode()', the deletion inode is not in the journal 949 * anymore, and in fact it might not be on the flash anymore, because it might 950 * have been garbage-collected already. And for optimization reasons UBIFS does 951 * not read the orphan area if it has been unmounted cleanly, so it would have 952 * no indication in the journal that there is a deleted inode which has to be 953 * removed from TNC. 954 * 955 * However, if there was no commit between 'ubifs_jnl_update()' and 956 * 'ubifs_jnl_delete_inode()', then there is no need to write the deletion 957 * inode to the media for the second time. And this is quite a typical case. 958 * 959 * This function returns zero in case of success and a negative error code in 960 * case of failure. 961 */ 962 int ubifs_jnl_delete_inode(struct ubifs_info *c, const struct inode *inode) 963 { 964 int err; 965 struct ubifs_inode *ui = ubifs_inode(inode); 966 967 ubifs_assert(c, inode->i_nlink == 0); 968 969 if (ui->del_cmtno != c->cmt_no) 970 /* A commit happened for sure */ 971 return ubifs_jnl_write_inode(c, inode); 972 973 down_read(&c->commit_sem); 974 /* 975 * Check commit number again, because the first test has been done 976 * without @c->commit_sem, so a commit might have happened. 977 */ 978 if (ui->del_cmtno != c->cmt_no) { 979 up_read(&c->commit_sem); 980 return ubifs_jnl_write_inode(c, inode); 981 } 982 983 err = ubifs_tnc_remove_ino(c, inode->i_ino); 984 if (err) 985 ubifs_ro_mode(c, err); 986 else 987 ubifs_delete_orphan(c, inode->i_ino); 988 up_read(&c->commit_sem); 989 return err; 990 } 991 992 /** 993 * ubifs_jnl_xrename - cross rename two directory entries. 994 * @c: UBIFS file-system description object 995 * @fst_dir: parent inode of 1st directory entry to exchange 996 * @fst_inode: 1st inode to exchange 997 * @fst_nm: name of 1st inode to exchange 998 * @snd_dir: parent inode of 2nd directory entry to exchange 999 * @snd_inode: 2nd inode to exchange 1000 * @snd_nm: name of 2nd inode to exchange 1001 * @sync: non-zero if the write-buffer has to be synchronized 1002 * 1003 * This function implements the cross rename operation which may involve 1004 * writing 2 inodes and 2 directory entries. It marks the written inodes as clean 1005 * and returns zero on success. In case of failure, a negative error code is 1006 * returned. 1007 */ 1008 int ubifs_jnl_xrename(struct ubifs_info *c, const struct inode *fst_dir, 1009 const struct inode *fst_inode, 1010 const struct fscrypt_name *fst_nm, 1011 const struct inode *snd_dir, 1012 const struct inode *snd_inode, 1013 const struct fscrypt_name *snd_nm, int sync) 1014 { 1015 union ubifs_key key; 1016 struct ubifs_dent_node *dent1, *dent2; 1017 int err, dlen1, dlen2, lnum, offs, len, plen = UBIFS_INO_NODE_SZ; 1018 int aligned_dlen1, aligned_dlen2; 1019 int twoparents = (fst_dir != snd_dir); 1020 void *p; 1021 u8 hash_dent1[UBIFS_HASH_ARR_SZ]; 1022 u8 hash_dent2[UBIFS_HASH_ARR_SZ]; 1023 u8 hash_p1[UBIFS_HASH_ARR_SZ]; 1024 u8 hash_p2[UBIFS_HASH_ARR_SZ]; 1025 1026 ubifs_assert(c, ubifs_inode(fst_dir)->data_len == 0); 1027 ubifs_assert(c, ubifs_inode(snd_dir)->data_len == 0); 1028 ubifs_assert(c, mutex_is_locked(&ubifs_inode(fst_dir)->ui_mutex)); 1029 ubifs_assert(c, mutex_is_locked(&ubifs_inode(snd_dir)->ui_mutex)); 1030 1031 dlen1 = UBIFS_DENT_NODE_SZ + fname_len(snd_nm) + 1; 1032 dlen2 = UBIFS_DENT_NODE_SZ + fname_len(fst_nm) + 1; 1033 aligned_dlen1 = ALIGN(dlen1, 8); 1034 aligned_dlen2 = ALIGN(dlen2, 8); 1035 1036 len = aligned_dlen1 + aligned_dlen2 + ALIGN(plen, 8); 1037 if (twoparents) 1038 len += plen; 1039 1040 len += ubifs_auth_node_sz(c); 1041 1042 dent1 = kzalloc(len, GFP_NOFS); 1043 if (!dent1) 1044 return -ENOMEM; 1045 1046 /* Make reservation before allocating sequence numbers */ 1047 err = make_reservation(c, BASEHD, len); 1048 if (err) 1049 goto out_free; 1050 1051 /* Make new dent for 1st entry */ 1052 dent1->ch.node_type = UBIFS_DENT_NODE; 1053 dent_key_init_flash(c, &dent1->key, snd_dir->i_ino, snd_nm); 1054 dent1->inum = cpu_to_le64(fst_inode->i_ino); 1055 dent1->type = get_dent_type(fst_inode->i_mode); 1056 dent1->nlen = cpu_to_le16(fname_len(snd_nm)); 1057 memcpy(dent1->name, fname_name(snd_nm), fname_len(snd_nm)); 1058 dent1->name[fname_len(snd_nm)] = '\0'; 1059 set_dent_cookie(c, dent1); 1060 zero_dent_node_unused(dent1); 1061 ubifs_prep_grp_node(c, dent1, dlen1, 0); 1062 err = ubifs_node_calc_hash(c, dent1, hash_dent1); 1063 if (err) 1064 goto out_release; 1065 1066 /* Make new dent for 2nd entry */ 1067 dent2 = (void *)dent1 + aligned_dlen1; 1068 dent2->ch.node_type = UBIFS_DENT_NODE; 1069 dent_key_init_flash(c, &dent2->key, fst_dir->i_ino, fst_nm); 1070 dent2->inum = cpu_to_le64(snd_inode->i_ino); 1071 dent2->type = get_dent_type(snd_inode->i_mode); 1072 dent2->nlen = cpu_to_le16(fname_len(fst_nm)); 1073 memcpy(dent2->name, fname_name(fst_nm), fname_len(fst_nm)); 1074 dent2->name[fname_len(fst_nm)] = '\0'; 1075 set_dent_cookie(c, dent2); 1076 zero_dent_node_unused(dent2); 1077 ubifs_prep_grp_node(c, dent2, dlen2, 0); 1078 err = ubifs_node_calc_hash(c, dent2, hash_dent2); 1079 if (err) 1080 goto out_release; 1081 1082 p = (void *)dent2 + aligned_dlen2; 1083 if (!twoparents) { 1084 pack_inode(c, p, fst_dir, 1); 1085 err = ubifs_node_calc_hash(c, p, hash_p1); 1086 if (err) 1087 goto out_release; 1088 } else { 1089 pack_inode(c, p, fst_dir, 0); 1090 err = ubifs_node_calc_hash(c, p, hash_p1); 1091 if (err) 1092 goto out_release; 1093 p += ALIGN(plen, 8); 1094 pack_inode(c, p, snd_dir, 1); 1095 err = ubifs_node_calc_hash(c, p, hash_p2); 1096 if (err) 1097 goto out_release; 1098 } 1099 1100 err = write_head(c, BASEHD, dent1, len, &lnum, &offs, sync); 1101 if (err) 1102 goto out_release; 1103 if (!sync) { 1104 struct ubifs_wbuf *wbuf = &c->jheads[BASEHD].wbuf; 1105 1106 ubifs_wbuf_add_ino_nolock(wbuf, fst_dir->i_ino); 1107 ubifs_wbuf_add_ino_nolock(wbuf, snd_dir->i_ino); 1108 } 1109 release_head(c, BASEHD); 1110 1111 ubifs_add_auth_dirt(c, lnum); 1112 1113 dent_key_init(c, &key, snd_dir->i_ino, snd_nm); 1114 err = ubifs_tnc_add_nm(c, &key, lnum, offs, dlen1, hash_dent1, snd_nm); 1115 if (err) 1116 goto out_ro; 1117 1118 offs += aligned_dlen1; 1119 dent_key_init(c, &key, fst_dir->i_ino, fst_nm); 1120 err = ubifs_tnc_add_nm(c, &key, lnum, offs, dlen2, hash_dent2, fst_nm); 1121 if (err) 1122 goto out_ro; 1123 1124 offs += aligned_dlen2; 1125 1126 ino_key_init(c, &key, fst_dir->i_ino); 1127 err = ubifs_tnc_add(c, &key, lnum, offs, plen, hash_p1); 1128 if (err) 1129 goto out_ro; 1130 1131 if (twoparents) { 1132 offs += ALIGN(plen, 8); 1133 ino_key_init(c, &key, snd_dir->i_ino); 1134 err = ubifs_tnc_add(c, &key, lnum, offs, plen, hash_p2); 1135 if (err) 1136 goto out_ro; 1137 } 1138 1139 finish_reservation(c); 1140 1141 mark_inode_clean(c, ubifs_inode(fst_dir)); 1142 if (twoparents) 1143 mark_inode_clean(c, ubifs_inode(snd_dir)); 1144 kfree(dent1); 1145 return 0; 1146 1147 out_release: 1148 release_head(c, BASEHD); 1149 out_ro: 1150 ubifs_ro_mode(c, err); 1151 finish_reservation(c); 1152 out_free: 1153 kfree(dent1); 1154 return err; 1155 } 1156 1157 /** 1158 * ubifs_jnl_rename - rename a directory entry. 1159 * @c: UBIFS file-system description object 1160 * @old_dir: parent inode of directory entry to rename 1161 * @old_dentry: directory entry to rename 1162 * @new_dir: parent inode of directory entry to rename 1163 * @new_dentry: new directory entry (or directory entry to replace) 1164 * @sync: non-zero if the write-buffer has to be synchronized 1165 * 1166 * This function implements the re-name operation which may involve writing up 1167 * to 4 inodes and 2 directory entries. It marks the written inodes as clean 1168 * and returns zero on success. In case of failure, a negative error code is 1169 * returned. 1170 */ 1171 int ubifs_jnl_rename(struct ubifs_info *c, const struct inode *old_dir, 1172 const struct inode *old_inode, 1173 const struct fscrypt_name *old_nm, 1174 const struct inode *new_dir, 1175 const struct inode *new_inode, 1176 const struct fscrypt_name *new_nm, 1177 const struct inode *whiteout, int sync) 1178 { 1179 void *p; 1180 union ubifs_key key; 1181 struct ubifs_dent_node *dent, *dent2; 1182 int err, dlen1, dlen2, ilen, lnum, offs, len; 1183 int aligned_dlen1, aligned_dlen2, plen = UBIFS_INO_NODE_SZ; 1184 int last_reference = !!(new_inode && new_inode->i_nlink == 0); 1185 int move = (old_dir != new_dir); 1186 struct ubifs_inode *uninitialized_var(new_ui); 1187 u8 hash_old_dir[UBIFS_HASH_ARR_SZ]; 1188 u8 hash_new_dir[UBIFS_HASH_ARR_SZ]; 1189 u8 hash_new_inode[UBIFS_HASH_ARR_SZ]; 1190 u8 hash_dent1[UBIFS_HASH_ARR_SZ]; 1191 u8 hash_dent2[UBIFS_HASH_ARR_SZ]; 1192 1193 ubifs_assert(c, ubifs_inode(old_dir)->data_len == 0); 1194 ubifs_assert(c, ubifs_inode(new_dir)->data_len == 0); 1195 ubifs_assert(c, mutex_is_locked(&ubifs_inode(old_dir)->ui_mutex)); 1196 ubifs_assert(c, mutex_is_locked(&ubifs_inode(new_dir)->ui_mutex)); 1197 1198 dlen1 = UBIFS_DENT_NODE_SZ + fname_len(new_nm) + 1; 1199 dlen2 = UBIFS_DENT_NODE_SZ + fname_len(old_nm) + 1; 1200 if (new_inode) { 1201 new_ui = ubifs_inode(new_inode); 1202 ubifs_assert(c, mutex_is_locked(&new_ui->ui_mutex)); 1203 ilen = UBIFS_INO_NODE_SZ; 1204 if (!last_reference) 1205 ilen += new_ui->data_len; 1206 } else 1207 ilen = 0; 1208 1209 aligned_dlen1 = ALIGN(dlen1, 8); 1210 aligned_dlen2 = ALIGN(dlen2, 8); 1211 len = aligned_dlen1 + aligned_dlen2 + ALIGN(ilen, 8) + ALIGN(plen, 8); 1212 if (move) 1213 len += plen; 1214 1215 len += ubifs_auth_node_sz(c); 1216 1217 dent = kzalloc(len, GFP_NOFS); 1218 if (!dent) 1219 return -ENOMEM; 1220 1221 /* Make reservation before allocating sequence numbers */ 1222 err = make_reservation(c, BASEHD, len); 1223 if (err) 1224 goto out_free; 1225 1226 /* Make new dent */ 1227 dent->ch.node_type = UBIFS_DENT_NODE; 1228 dent_key_init_flash(c, &dent->key, new_dir->i_ino, new_nm); 1229 dent->inum = cpu_to_le64(old_inode->i_ino); 1230 dent->type = get_dent_type(old_inode->i_mode); 1231 dent->nlen = cpu_to_le16(fname_len(new_nm)); 1232 memcpy(dent->name, fname_name(new_nm), fname_len(new_nm)); 1233 dent->name[fname_len(new_nm)] = '\0'; 1234 set_dent_cookie(c, dent); 1235 zero_dent_node_unused(dent); 1236 ubifs_prep_grp_node(c, dent, dlen1, 0); 1237 err = ubifs_node_calc_hash(c, dent, hash_dent1); 1238 if (err) 1239 goto out_release; 1240 1241 dent2 = (void *)dent + aligned_dlen1; 1242 dent2->ch.node_type = UBIFS_DENT_NODE; 1243 dent_key_init_flash(c, &dent2->key, old_dir->i_ino, old_nm); 1244 1245 if (whiteout) { 1246 dent2->inum = cpu_to_le64(whiteout->i_ino); 1247 dent2->type = get_dent_type(whiteout->i_mode); 1248 } else { 1249 /* Make deletion dent */ 1250 dent2->inum = 0; 1251 dent2->type = DT_UNKNOWN; 1252 } 1253 dent2->nlen = cpu_to_le16(fname_len(old_nm)); 1254 memcpy(dent2->name, fname_name(old_nm), fname_len(old_nm)); 1255 dent2->name[fname_len(old_nm)] = '\0'; 1256 set_dent_cookie(c, dent2); 1257 zero_dent_node_unused(dent2); 1258 ubifs_prep_grp_node(c, dent2, dlen2, 0); 1259 err = ubifs_node_calc_hash(c, dent2, hash_dent2); 1260 if (err) 1261 goto out_release; 1262 1263 p = (void *)dent2 + aligned_dlen2; 1264 if (new_inode) { 1265 pack_inode(c, p, new_inode, 0); 1266 err = ubifs_node_calc_hash(c, p, hash_new_inode); 1267 if (err) 1268 goto out_release; 1269 1270 p += ALIGN(ilen, 8); 1271 } 1272 1273 if (!move) { 1274 pack_inode(c, p, old_dir, 1); 1275 err = ubifs_node_calc_hash(c, p, hash_old_dir); 1276 if (err) 1277 goto out_release; 1278 } else { 1279 pack_inode(c, p, old_dir, 0); 1280 err = ubifs_node_calc_hash(c, p, hash_old_dir); 1281 if (err) 1282 goto out_release; 1283 1284 p += ALIGN(plen, 8); 1285 pack_inode(c, p, new_dir, 1); 1286 err = ubifs_node_calc_hash(c, p, hash_new_dir); 1287 if (err) 1288 goto out_release; 1289 } 1290 1291 if (last_reference) { 1292 err = ubifs_add_orphan(c, new_inode->i_ino); 1293 if (err) { 1294 release_head(c, BASEHD); 1295 goto out_finish; 1296 } 1297 new_ui->del_cmtno = c->cmt_no; 1298 } 1299 1300 err = write_head(c, BASEHD, dent, len, &lnum, &offs, sync); 1301 if (err) 1302 goto out_release; 1303 if (!sync) { 1304 struct ubifs_wbuf *wbuf = &c->jheads[BASEHD].wbuf; 1305 1306 ubifs_wbuf_add_ino_nolock(wbuf, new_dir->i_ino); 1307 ubifs_wbuf_add_ino_nolock(wbuf, old_dir->i_ino); 1308 if (new_inode) 1309 ubifs_wbuf_add_ino_nolock(&c->jheads[BASEHD].wbuf, 1310 new_inode->i_ino); 1311 } 1312 release_head(c, BASEHD); 1313 1314 ubifs_add_auth_dirt(c, lnum); 1315 1316 dent_key_init(c, &key, new_dir->i_ino, new_nm); 1317 err = ubifs_tnc_add_nm(c, &key, lnum, offs, dlen1, hash_dent1, new_nm); 1318 if (err) 1319 goto out_ro; 1320 1321 offs += aligned_dlen1; 1322 if (whiteout) { 1323 dent_key_init(c, &key, old_dir->i_ino, old_nm); 1324 err = ubifs_tnc_add_nm(c, &key, lnum, offs, dlen2, hash_dent2, old_nm); 1325 if (err) 1326 goto out_ro; 1327 1328 ubifs_delete_orphan(c, whiteout->i_ino); 1329 } else { 1330 err = ubifs_add_dirt(c, lnum, dlen2); 1331 if (err) 1332 goto out_ro; 1333 1334 dent_key_init(c, &key, old_dir->i_ino, old_nm); 1335 err = ubifs_tnc_remove_nm(c, &key, old_nm); 1336 if (err) 1337 goto out_ro; 1338 } 1339 1340 offs += aligned_dlen2; 1341 if (new_inode) { 1342 ino_key_init(c, &key, new_inode->i_ino); 1343 err = ubifs_tnc_add(c, &key, lnum, offs, ilen, hash_new_inode); 1344 if (err) 1345 goto out_ro; 1346 offs += ALIGN(ilen, 8); 1347 } 1348 1349 ino_key_init(c, &key, old_dir->i_ino); 1350 err = ubifs_tnc_add(c, &key, lnum, offs, plen, hash_old_dir); 1351 if (err) 1352 goto out_ro; 1353 1354 if (move) { 1355 offs += ALIGN(plen, 8); 1356 ino_key_init(c, &key, new_dir->i_ino); 1357 err = ubifs_tnc_add(c, &key, lnum, offs, plen, hash_new_dir); 1358 if (err) 1359 goto out_ro; 1360 } 1361 1362 finish_reservation(c); 1363 if (new_inode) { 1364 mark_inode_clean(c, new_ui); 1365 spin_lock(&new_ui->ui_lock); 1366 new_ui->synced_i_size = new_ui->ui_size; 1367 spin_unlock(&new_ui->ui_lock); 1368 } 1369 mark_inode_clean(c, ubifs_inode(old_dir)); 1370 if (move) 1371 mark_inode_clean(c, ubifs_inode(new_dir)); 1372 kfree(dent); 1373 return 0; 1374 1375 out_release: 1376 release_head(c, BASEHD); 1377 out_ro: 1378 ubifs_ro_mode(c, err); 1379 if (last_reference) 1380 ubifs_delete_orphan(c, new_inode->i_ino); 1381 out_finish: 1382 finish_reservation(c); 1383 out_free: 1384 kfree(dent); 1385 return err; 1386 } 1387 1388 /** 1389 * truncate_data_node - re-compress/encrypt a truncated data node. 1390 * @c: UBIFS file-system description object 1391 * @inode: inode which referes to the data node 1392 * @block: data block number 1393 * @dn: data node to re-compress 1394 * @new_len: new length 1395 * 1396 * This function is used when an inode is truncated and the last data node of 1397 * the inode has to be re-compressed/encrypted and re-written. 1398 */ 1399 static int truncate_data_node(const struct ubifs_info *c, const struct inode *inode, 1400 unsigned int block, struct ubifs_data_node *dn, 1401 int *new_len) 1402 { 1403 void *buf; 1404 int err, dlen, compr_type, out_len, old_dlen; 1405 1406 out_len = le32_to_cpu(dn->size); 1407 buf = kmalloc_array(out_len, WORST_COMPR_FACTOR, GFP_NOFS); 1408 if (!buf) 1409 return -ENOMEM; 1410 1411 dlen = old_dlen = le32_to_cpu(dn->ch.len) - UBIFS_DATA_NODE_SZ; 1412 compr_type = le16_to_cpu(dn->compr_type); 1413 1414 if (ubifs_crypt_is_encrypted(inode)) { 1415 err = ubifs_decrypt(inode, dn, &dlen, block); 1416 if (err) 1417 goto out; 1418 } 1419 1420 if (compr_type == UBIFS_COMPR_NONE) { 1421 out_len = *new_len; 1422 } else { 1423 err = ubifs_decompress(c, &dn->data, dlen, buf, &out_len, compr_type); 1424 if (err) 1425 goto out; 1426 1427 ubifs_compress(c, buf, *new_len, &dn->data, &out_len, &compr_type); 1428 } 1429 1430 if (ubifs_crypt_is_encrypted(inode)) { 1431 err = ubifs_encrypt(inode, dn, out_len, &old_dlen, block); 1432 if (err) 1433 goto out; 1434 1435 out_len = old_dlen; 1436 } else { 1437 dn->compr_size = 0; 1438 } 1439 1440 ubifs_assert(c, out_len <= UBIFS_BLOCK_SIZE); 1441 dn->compr_type = cpu_to_le16(compr_type); 1442 dn->size = cpu_to_le32(*new_len); 1443 *new_len = UBIFS_DATA_NODE_SZ + out_len; 1444 err = 0; 1445 out: 1446 kfree(buf); 1447 return err; 1448 } 1449 1450 /** 1451 * ubifs_jnl_truncate - update the journal for a truncation. 1452 * @c: UBIFS file-system description object 1453 * @inode: inode to truncate 1454 * @old_size: old size 1455 * @new_size: new size 1456 * 1457 * When the size of a file decreases due to truncation, a truncation node is 1458 * written, the journal tree is updated, and the last data block is re-written 1459 * if it has been affected. The inode is also updated in order to synchronize 1460 * the new inode size. 1461 * 1462 * This function marks the inode as clean and returns zero on success. In case 1463 * of failure, a negative error code is returned. 1464 */ 1465 int ubifs_jnl_truncate(struct ubifs_info *c, const struct inode *inode, 1466 loff_t old_size, loff_t new_size) 1467 { 1468 union ubifs_key key, to_key; 1469 struct ubifs_ino_node *ino; 1470 struct ubifs_trun_node *trun; 1471 struct ubifs_data_node *uninitialized_var(dn); 1472 int err, dlen, len, lnum, offs, bit, sz, sync = IS_SYNC(inode); 1473 struct ubifs_inode *ui = ubifs_inode(inode); 1474 ino_t inum = inode->i_ino; 1475 unsigned int blk; 1476 u8 hash_ino[UBIFS_HASH_ARR_SZ]; 1477 u8 hash_dn[UBIFS_HASH_ARR_SZ]; 1478 1479 dbg_jnl("ino %lu, size %lld -> %lld", 1480 (unsigned long)inum, old_size, new_size); 1481 ubifs_assert(c, !ui->data_len); 1482 ubifs_assert(c, S_ISREG(inode->i_mode)); 1483 ubifs_assert(c, mutex_is_locked(&ui->ui_mutex)); 1484 1485 sz = UBIFS_TRUN_NODE_SZ + UBIFS_INO_NODE_SZ + 1486 UBIFS_MAX_DATA_NODE_SZ * WORST_COMPR_FACTOR; 1487 1488 sz += ubifs_auth_node_sz(c); 1489 1490 ino = kmalloc(sz, GFP_NOFS); 1491 if (!ino) 1492 return -ENOMEM; 1493 1494 trun = (void *)ino + UBIFS_INO_NODE_SZ; 1495 trun->ch.node_type = UBIFS_TRUN_NODE; 1496 trun->inum = cpu_to_le32(inum); 1497 trun->old_size = cpu_to_le64(old_size); 1498 trun->new_size = cpu_to_le64(new_size); 1499 zero_trun_node_unused(trun); 1500 1501 dlen = new_size & (UBIFS_BLOCK_SIZE - 1); 1502 if (dlen) { 1503 /* Get last data block so it can be truncated */ 1504 dn = (void *)trun + UBIFS_TRUN_NODE_SZ; 1505 blk = new_size >> UBIFS_BLOCK_SHIFT; 1506 data_key_init(c, &key, inum, blk); 1507 dbg_jnlk(&key, "last block key "); 1508 err = ubifs_tnc_lookup(c, &key, dn); 1509 if (err == -ENOENT) 1510 dlen = 0; /* Not found (so it is a hole) */ 1511 else if (err) 1512 goto out_free; 1513 else { 1514 int dn_len = le32_to_cpu(dn->size); 1515 1516 if (dn_len <= 0 || dn_len > UBIFS_BLOCK_SIZE) { 1517 ubifs_err(c, "bad data node (block %u, inode %lu)", 1518 blk, inode->i_ino); 1519 ubifs_dump_node(c, dn); 1520 goto out_free; 1521 } 1522 1523 if (dn_len <= dlen) 1524 dlen = 0; /* Nothing to do */ 1525 else { 1526 err = truncate_data_node(c, inode, blk, dn, &dlen); 1527 if (err) 1528 goto out_free; 1529 } 1530 } 1531 } 1532 1533 /* Must make reservation before allocating sequence numbers */ 1534 len = UBIFS_TRUN_NODE_SZ + UBIFS_INO_NODE_SZ; 1535 1536 if (ubifs_authenticated(c)) 1537 len += ALIGN(dlen, 8) + ubifs_auth_node_sz(c); 1538 else 1539 len += dlen; 1540 1541 err = make_reservation(c, BASEHD, len); 1542 if (err) 1543 goto out_free; 1544 1545 pack_inode(c, ino, inode, 0); 1546 err = ubifs_node_calc_hash(c, ino, hash_ino); 1547 if (err) 1548 goto out_release; 1549 1550 ubifs_prep_grp_node(c, trun, UBIFS_TRUN_NODE_SZ, dlen ? 0 : 1); 1551 if (dlen) { 1552 ubifs_prep_grp_node(c, dn, dlen, 1); 1553 err = ubifs_node_calc_hash(c, dn, hash_dn); 1554 if (err) 1555 goto out_release; 1556 } 1557 1558 err = write_head(c, BASEHD, ino, len, &lnum, &offs, sync); 1559 if (err) 1560 goto out_release; 1561 if (!sync) 1562 ubifs_wbuf_add_ino_nolock(&c->jheads[BASEHD].wbuf, inum); 1563 release_head(c, BASEHD); 1564 1565 ubifs_add_auth_dirt(c, lnum); 1566 1567 if (dlen) { 1568 sz = offs + UBIFS_INO_NODE_SZ + UBIFS_TRUN_NODE_SZ; 1569 err = ubifs_tnc_add(c, &key, lnum, sz, dlen, hash_dn); 1570 if (err) 1571 goto out_ro; 1572 } 1573 1574 ino_key_init(c, &key, inum); 1575 err = ubifs_tnc_add(c, &key, lnum, offs, UBIFS_INO_NODE_SZ, hash_ino); 1576 if (err) 1577 goto out_ro; 1578 1579 err = ubifs_add_dirt(c, lnum, UBIFS_TRUN_NODE_SZ); 1580 if (err) 1581 goto out_ro; 1582 1583 bit = new_size & (UBIFS_BLOCK_SIZE - 1); 1584 blk = (new_size >> UBIFS_BLOCK_SHIFT) + (bit ? 1 : 0); 1585 data_key_init(c, &key, inum, blk); 1586 1587 bit = old_size & (UBIFS_BLOCK_SIZE - 1); 1588 blk = (old_size >> UBIFS_BLOCK_SHIFT) - (bit ? 0 : 1); 1589 data_key_init(c, &to_key, inum, blk); 1590 1591 err = ubifs_tnc_remove_range(c, &key, &to_key); 1592 if (err) 1593 goto out_ro; 1594 1595 finish_reservation(c); 1596 spin_lock(&ui->ui_lock); 1597 ui->synced_i_size = ui->ui_size; 1598 spin_unlock(&ui->ui_lock); 1599 mark_inode_clean(c, ui); 1600 kfree(ino); 1601 return 0; 1602 1603 out_release: 1604 release_head(c, BASEHD); 1605 out_ro: 1606 ubifs_ro_mode(c, err); 1607 finish_reservation(c); 1608 out_free: 1609 kfree(ino); 1610 return err; 1611 } 1612 1613 1614 /** 1615 * ubifs_jnl_delete_xattr - delete an extended attribute. 1616 * @c: UBIFS file-system description object 1617 * @host: host inode 1618 * @inode: extended attribute inode 1619 * @nm: extended attribute entry name 1620 * 1621 * This function delete an extended attribute which is very similar to 1622 * un-linking regular files - it writes a deletion xentry, a deletion inode and 1623 * updates the target inode. Returns zero in case of success and a negative 1624 * error code in case of failure. 1625 */ 1626 int ubifs_jnl_delete_xattr(struct ubifs_info *c, const struct inode *host, 1627 const struct inode *inode, 1628 const struct fscrypt_name *nm) 1629 { 1630 int err, xlen, hlen, len, lnum, xent_offs, aligned_xlen, write_len; 1631 struct ubifs_dent_node *xent; 1632 struct ubifs_ino_node *ino; 1633 union ubifs_key xent_key, key1, key2; 1634 int sync = IS_DIRSYNC(host); 1635 struct ubifs_inode *host_ui = ubifs_inode(host); 1636 u8 hash[UBIFS_HASH_ARR_SZ]; 1637 1638 ubifs_assert(c, inode->i_nlink == 0); 1639 ubifs_assert(c, mutex_is_locked(&host_ui->ui_mutex)); 1640 1641 /* 1642 * Since we are deleting the inode, we do not bother to attach any data 1643 * to it and assume its length is %UBIFS_INO_NODE_SZ. 1644 */ 1645 xlen = UBIFS_DENT_NODE_SZ + fname_len(nm) + 1; 1646 aligned_xlen = ALIGN(xlen, 8); 1647 hlen = host_ui->data_len + UBIFS_INO_NODE_SZ; 1648 len = aligned_xlen + UBIFS_INO_NODE_SZ + ALIGN(hlen, 8); 1649 1650 write_len = len + ubifs_auth_node_sz(c); 1651 1652 xent = kzalloc(write_len, GFP_NOFS); 1653 if (!xent) 1654 return -ENOMEM; 1655 1656 /* Make reservation before allocating sequence numbers */ 1657 err = make_reservation(c, BASEHD, write_len); 1658 if (err) { 1659 kfree(xent); 1660 return err; 1661 } 1662 1663 xent->ch.node_type = UBIFS_XENT_NODE; 1664 xent_key_init(c, &xent_key, host->i_ino, nm); 1665 key_write(c, &xent_key, xent->key); 1666 xent->inum = 0; 1667 xent->type = get_dent_type(inode->i_mode); 1668 xent->nlen = cpu_to_le16(fname_len(nm)); 1669 memcpy(xent->name, fname_name(nm), fname_len(nm)); 1670 xent->name[fname_len(nm)] = '\0'; 1671 zero_dent_node_unused(xent); 1672 ubifs_prep_grp_node(c, xent, xlen, 0); 1673 1674 ino = (void *)xent + aligned_xlen; 1675 pack_inode(c, ino, inode, 0); 1676 ino = (void *)ino + UBIFS_INO_NODE_SZ; 1677 pack_inode(c, ino, host, 1); 1678 err = ubifs_node_calc_hash(c, ino, hash); 1679 if (err) 1680 goto out_release; 1681 1682 err = write_head(c, BASEHD, xent, write_len, &lnum, &xent_offs, sync); 1683 if (!sync && !err) 1684 ubifs_wbuf_add_ino_nolock(&c->jheads[BASEHD].wbuf, host->i_ino); 1685 release_head(c, BASEHD); 1686 1687 ubifs_add_auth_dirt(c, lnum); 1688 kfree(xent); 1689 if (err) 1690 goto out_ro; 1691 1692 /* Remove the extended attribute entry from TNC */ 1693 err = ubifs_tnc_remove_nm(c, &xent_key, nm); 1694 if (err) 1695 goto out_ro; 1696 err = ubifs_add_dirt(c, lnum, xlen); 1697 if (err) 1698 goto out_ro; 1699 1700 /* 1701 * Remove all nodes belonging to the extended attribute inode from TNC. 1702 * Well, there actually must be only one node - the inode itself. 1703 */ 1704 lowest_ino_key(c, &key1, inode->i_ino); 1705 highest_ino_key(c, &key2, inode->i_ino); 1706 err = ubifs_tnc_remove_range(c, &key1, &key2); 1707 if (err) 1708 goto out_ro; 1709 err = ubifs_add_dirt(c, lnum, UBIFS_INO_NODE_SZ); 1710 if (err) 1711 goto out_ro; 1712 1713 /* And update TNC with the new host inode position */ 1714 ino_key_init(c, &key1, host->i_ino); 1715 err = ubifs_tnc_add(c, &key1, lnum, xent_offs + len - hlen, hlen, hash); 1716 if (err) 1717 goto out_ro; 1718 1719 finish_reservation(c); 1720 spin_lock(&host_ui->ui_lock); 1721 host_ui->synced_i_size = host_ui->ui_size; 1722 spin_unlock(&host_ui->ui_lock); 1723 mark_inode_clean(c, host_ui); 1724 return 0; 1725 1726 out_release: 1727 kfree(xent); 1728 release_head(c, BASEHD); 1729 out_ro: 1730 ubifs_ro_mode(c, err); 1731 finish_reservation(c); 1732 return err; 1733 } 1734 1735 /** 1736 * ubifs_jnl_change_xattr - change an extended attribute. 1737 * @c: UBIFS file-system description object 1738 * @inode: extended attribute inode 1739 * @host: host inode 1740 * 1741 * This function writes the updated version of an extended attribute inode and 1742 * the host inode to the journal (to the base head). The host inode is written 1743 * after the extended attribute inode in order to guarantee that the extended 1744 * attribute will be flushed when the inode is synchronized by 'fsync()' and 1745 * consequently, the write-buffer is synchronized. This function returns zero 1746 * in case of success and a negative error code in case of failure. 1747 */ 1748 int ubifs_jnl_change_xattr(struct ubifs_info *c, const struct inode *inode, 1749 const struct inode *host) 1750 { 1751 int err, len1, len2, aligned_len, aligned_len1, lnum, offs; 1752 struct ubifs_inode *host_ui = ubifs_inode(host); 1753 struct ubifs_ino_node *ino; 1754 union ubifs_key key; 1755 int sync = IS_DIRSYNC(host); 1756 u8 hash_host[UBIFS_HASH_ARR_SZ]; 1757 u8 hash[UBIFS_HASH_ARR_SZ]; 1758 1759 dbg_jnl("ino %lu, ino %lu", host->i_ino, inode->i_ino); 1760 ubifs_assert(c, host->i_nlink > 0); 1761 ubifs_assert(c, inode->i_nlink > 0); 1762 ubifs_assert(c, mutex_is_locked(&host_ui->ui_mutex)); 1763 1764 len1 = UBIFS_INO_NODE_SZ + host_ui->data_len; 1765 len2 = UBIFS_INO_NODE_SZ + ubifs_inode(inode)->data_len; 1766 aligned_len1 = ALIGN(len1, 8); 1767 aligned_len = aligned_len1 + ALIGN(len2, 8); 1768 1769 aligned_len += ubifs_auth_node_sz(c); 1770 1771 ino = kzalloc(aligned_len, GFP_NOFS); 1772 if (!ino) 1773 return -ENOMEM; 1774 1775 /* Make reservation before allocating sequence numbers */ 1776 err = make_reservation(c, BASEHD, aligned_len); 1777 if (err) 1778 goto out_free; 1779 1780 pack_inode(c, ino, host, 0); 1781 err = ubifs_node_calc_hash(c, ino, hash_host); 1782 if (err) 1783 goto out_release; 1784 pack_inode(c, (void *)ino + aligned_len1, inode, 1); 1785 err = ubifs_node_calc_hash(c, (void *)ino + aligned_len1, hash); 1786 if (err) 1787 goto out_release; 1788 1789 err = write_head(c, BASEHD, ino, aligned_len, &lnum, &offs, 0); 1790 if (!sync && !err) { 1791 struct ubifs_wbuf *wbuf = &c->jheads[BASEHD].wbuf; 1792 1793 ubifs_wbuf_add_ino_nolock(wbuf, host->i_ino); 1794 ubifs_wbuf_add_ino_nolock(wbuf, inode->i_ino); 1795 } 1796 release_head(c, BASEHD); 1797 if (err) 1798 goto out_ro; 1799 1800 ubifs_add_auth_dirt(c, lnum); 1801 1802 ino_key_init(c, &key, host->i_ino); 1803 err = ubifs_tnc_add(c, &key, lnum, offs, len1, hash_host); 1804 if (err) 1805 goto out_ro; 1806 1807 ino_key_init(c, &key, inode->i_ino); 1808 err = ubifs_tnc_add(c, &key, lnum, offs + aligned_len1, len2, hash); 1809 if (err) 1810 goto out_ro; 1811 1812 finish_reservation(c); 1813 spin_lock(&host_ui->ui_lock); 1814 host_ui->synced_i_size = host_ui->ui_size; 1815 spin_unlock(&host_ui->ui_lock); 1816 mark_inode_clean(c, host_ui); 1817 kfree(ino); 1818 return 0; 1819 1820 out_release: 1821 release_head(c, BASEHD); 1822 out_ro: 1823 ubifs_ro_mode(c, err); 1824 finish_reservation(c); 1825 out_free: 1826 kfree(ino); 1827 return err; 1828 } 1829 1830